Security of Apples disk encryption

[Chippel]

do you guys know how secure the non public disk encryption is Apple provides? I'm asking because I can read all over the net that you shouldn't use BitLocker on Windows because there is a "backdoor" in the encryption and if Microsoft is forced to, they give out the master key to decrypt.

Is Apple Disk encryption (FileVault2) more secure?

 

[Rok73]

I'd say it's freaking secure. Filevault 2 uses XTS-AES 128 encryption. I am not an expert in encryption but from what I understand is that if you have a password with let's say 20 characters with letters from A-Z and numbers from 0-9 and your HDD/SSD is encrypted with AES 128 then it would take hundreds of thousands of years to crack that encryption.

You might google AES 128 encryption yourself, there are quite a lot of questions and answers related to this all over the web.

I don't know much about Bitlocker but I know that it uses the same encryption standard. If the so-called "backdoor" is that Microsoft would give out the "master key" to any authorities, well than that is clearly not a backdoor in the encryption standard itself.

While I researched any typed all of this I began to ask myself which content on your personal drives might be so critical.

 

[Chippel]

I'd say it's freaking secure. Filevault 2 uses XTS-AES 128 encryption. I am not an expert in encryption but from what I understand is that if you have a password with let's say 20 characters with letters from A-Z and numbers from 0-9 and your HDD/SSD is encrypted with AES 128 then it would take hundreds of thousands of years to crack that encryption.

You might google AES 128 encryption yourself, there are quite a lot of questions and answers related to this all over the web.

Thanks for the answer. Moreover it would be good to know if there is a possibility for Apple to break it e.g Backdoor.

 

[Rok73]

Thanks for the answer. Moreover it would be good to know if there is a possibility for Apple to break it e.g Backdoor.

I found a quite interesting article about Microsoft's bitlocker, encryption and backdoors. You should give it a read.

https://theintercept.com/2015/06/04/microsoft-disk-encryption/

 

[Chippel]

Thanks for that. So the message is like "use open source encryption because you can't guarantee if there is.a backdoor", isn't it?

Are there any documents about the DiskEncryption Apple uses? For example backdoor in system encryption or image creation with encryption.

 

[997440]

Regarding not using the iCloud recovery key option, I would assume Apple has the capability (not an actual desire) to extract encryption keys. I'm not saying this a planned backdoor. One company claims that their forensic software has the ability to decrypt FileVault 2, as cited here in a 2012 article :

https://www.cnet.com/news/filevault-2-easily-decrypted-warns-passware/

The company cited in the article advertises their software as still having that ability.

Apple support explains how you might be able to change your login password (without using your PRK (personal recovery key)) with FileVault 2 enabled. I find this troubling, but admittedly I don't fully understand it. I'm not clear on what the limiting term *might* means in the below quote.

[...]Reset using the Reset Password assistant (FileVault must be on)
If FileVault is turned on, you might be able to reset your password using the Reset Password assistant:[...]

https://support.apple.com/en-us/HT202860

In Apple's White Paper it's stated that if your PRK is not stored in iCloud and is lost :

[...]If “Do not store the recovery key with Apple” is selected, then the 24-digit
alphanumeric recovery key must be captured and retained out of band.
This means the individual should set up the system to write the key value
down and store it securely off the computer. Apple has no way to assist in
recovery and all data would be lost if the individual or organization doesn’t
retain the recovery key randomly generated at enable time.
[...]

http://www.training.apple.com/pdf/WP_FileVault2.pdf

Much more research to do on the subject. Maybe someone with actual expertise will chime in.

 

[KALLT]

Regarding not using the iCloud recovery key option, I would assume Apple has the capability (not an actual desire) to extract encryption keys. I'm not saying this a planned backdoor. One company claims that their forensic software has the ability to decrypt FileVault 2, as cited here in a 2012 article :

https://www.cnet.com/news/filevault-2-easily-decrypted-warns-passware/

The company cited in the article advertises their software as still having that ability.

The CNET article is about a workaround using direct memory access via FireWire that was particular to earlier versions of Lion. It is no longer an issue. That being said, extracting the keys from memory is always a possibility, but there are ways to mitigate this. You can configure OS X to evict the FileVault keys from memory upon entering standby and force the device to write a hibernation image to disk and not persist to memory at all. Depending on the device, you might have to adjust the standby and autopoweroff timers as well. It is also a good practice to shut down the device when possible.

Whether you trust Apple is another matter. The very nature of OS X will prevent you from gaining absolute certainty.

 

[997440]

The CNET article is about a workaround using direct memory access via FireWire that was particular to earlier versions of Lion. It is no longer an issue. That being said, extracting the keys from memory is always a possibility, but there are ways to mitigate this. You can configure OS X to evict the FileVault keys from memory upon entering standby and force the device to write a hibernation image to disk and not persist to memory at all. Depending on the device, you might have to adjust the standby and autopoweroff timers as well. It is also a good practice to shut down the device when possible.

Whether you trust Apple is another matter. The very nature of OS X will prevent you from gaining absolute certainty.

You're right about FireWire being needed (at both ends), but I'm not sure that it's OS specific.? The company's statement at system requirements is slightly muddied by their mention of USB right after the FireWire reference -- "Both the target computer and the computer used for acquisition should have FireWire (IEEE 1394) ports. A USB flash drive for Passware FireWire Memory Imager should be 8 GB or more."

Any thoughts on the previously mentioned "reset login password" on a FileVault protected machine? I haven't tried it yet, with or without a firmware PW.

 

[maflynn]

I found a quite interesting article about Microsoft's bitlocker, encryption and backdoors. You should give it a read.

https://theintercept.com/2015/06/04/microsoft-disk-encryption/

Great article, it helped me understand some of the issues, at least with bitlocker, but also the vulnerabilities inherent with OS X.

 

[Chippel]

Does that mean we should use VeraCrypt and other Open Source tools instead of Apple disk encryption cuz it is closed source and Apple is in the USA?

 

[KALLT]

You're right about FireWire being needed (at both ends), but I'm not sure that it's OS specific.? The company's statement at system requirements is slightly muddied by their mention of USB right after the FireWire reference -- "Both the target computer and the computer used for acquisition should have FireWire (IEEE 1394) ports. A USB flash drive for Passware FireWire Memory Imager should be 8 GB or more."

As far as I know, Apple uses Intel’s x86 virtualization to restrict memory access. There is certainly a software side to this, perhaps that is what they expanded or fixed. I don’t know the details though. Is there any reason to believe that the source is still current?

Any thoughts on the previously mentioned "reset login password" on a FileVault protected machine? I haven't tried it yet, with or without a firmware PW.

I have not tried this, but I am curious. I don’t understand how this would work though.

Does that mean we should use VeraCrypt and other Open Source tools instead of Apple disk encryption cuz it is closed source and Apple is in the USA?

Veracrypt has to my knowledge (I may be wrong) never been audited. A version of TrueCrypt was, but that software has since been superseded and there are known vulnerabilities now. Open source is not a guarantee for security. OpenSSL is a very prominent example.

 

[oneMadRssn]

Totally anecdotal, but here it is for your consideration. This was a while ago, before the while iPhone encryption fiasco.

At a wedding ~5 or 6 years ago, I was seated next to a guy that was a full-time technician for the NY state police. He said his job included a lot of tasks, but one of those tasks was getting evidence from seized electronics, such as cameras, GPSs, thumb drives, memory cards, phones, computers, etc. for the detectives to examine, and later hand over to the prosecutors if the case went forward.

I asked him whether he has encountered TrueCrypt lockers and computers locked with Apple FileVault2, and if so, how his office handles such things. I think I remember FileVault2 has just been released when we had this conversation, which is why I had thought to ask him.

He did not get into specifics, but his briefly explained: They have some brute-force dictionary-based tools for unlocking the easy passwords. They generally don't bother spending any significant amount of time on unlocking this stuff, their goal is to get as much evidence as fast as reasonably possible, not to get all the evidence possible. So it sounded like most of the time, if he can't unlock it within a few minutes or half hour, he moves on to the next thing. If the crime is serious, or the suspect is a notorious wanted criminal, they will hand the stuff over to the FBI. He said in his time, that had only occurred once with him, and it was an "America's Most Wanted" level of criminal.

 

[997440]

As far as I know, Apple uses Intel’s x86 virtualization to restrict memory access. There is certainly a software side to this, perhaps that is what they expanded or fixed. I don’t know the details though. Is there any reason to believe that the source is still current?

Yes; if their site is to be believed. I've not yet found independent verification. At a little beyond mid-page under the heading "What's New", "macOS Sierra support" is listed.

BTW, the same software is claimed to have the ability to decrypt VeraCrypt, etc...

 

[You are the One]

Microsoft has proven it's a company that has no regards for users privacy. Read the EULA for W10 and Office365 and understand that they have access to anything you do using the products and services. An important part of their business model is exploiting your private information for their monetary gains. That's why W10 is "free", you trade your privacy for being allowed to use their product. Rest assured, you are the looser in that deal.

The principle that cryptographic algorithms should be open-source is of course good and should be standard, but even if you have a robust and peer reviewed code the next question is the implementation of that code in applications and operating systems, a lot can and often go wrong there.

Unfortunately, in the end it comes down to trust. Even Bruce Schneier alludes to that in the quoted piece from the Intercept.

Can you trust MS, Google, Facebook, Instagram and the rest of the social media privacy harvesters? Absolutely definitely not.

Can you trust Apple? Nope. But what makes Apple different from others is that a) their business model is independent of access to your private information and b) they have made it an long term business strategy to stay away from your private information.

Still, the influence of the criminal racket occupying Washington is of the magnitude that it is hard to believe that there aren't agencies part of that mob that can access a FileVault protected disk.

To conclude, it's hard or even impossible to say "how secure Filevault is", the weakest link in protecting your information is most likely you and the way you use your end-point device. If you have something you really want to protect, don't put it on a computer.

If you want general protection and privacy and a relatively robust eco-system, go with Apple.

This could have been a thread in a Mac Rumors subforum for security.
[doublepost=1476545681][/doublepost]If you are interested in security related to your Mac and OSX:

 

[Chippel]

So imagine there would be a backdoor, where could it be implemented? I mean, do they have any programs to just bypass the password or how would it look like a so called "backdoor"?

 

[Floris]

Thanks for that. So the message is like "use open source encryption because you can't guarantee if there is.a backdoor", isn't it?

Are there any documents about the DiskEncryption Apple uses? For example backdoor in system encryption or image creation with encryption.

Open Source is just as useless as trusting the company.
Unless you know programming and go through the source code. ... You don't know if anybody actually put anything malicious into the open source that slipped through the cracks and won't be known until you or someone else finds it.

At this moment we are not aware that Apple has any backdoor in it. It doesn't seem to be their business, but they seem to have no problem to respect the law and when ordered ~ do as told to stay within the law. Until we have articles where backdoors in FV2 are disclosed, there doesn't seem to be any.

I use it to encrypt all my drives, and I hope brute force won't get through it by having a high entropy etc.

 

[Phil A.]

My personal view of encryption on my devices is that I do it to protect my data in case they get stolen: What a government agency could do if they seized my devices under a valid warrant isn't particularly high on the list of things that worry me!

On that basis, BitLocker or FileVault is fine for my needs

 

[KALLT]

On that basis, BitLocker or FileVault is fine for my needs

Microsoft doesn’t even offer BitLocker to Home editions. The alternative ‘device encryption’ requires a Trusted Platform Module and hardware support for the (Microsoft-owned) InstantGo specification.

 

[Phil A.]

Microsoft doesn’t even offer BitLocker to Home editions. The alternative ‘device encryption’ requires a Trusted Platform Module and hardware support for the (Microsoft-owned) InstantGo specification.

I've never used home edition so wasn't aware of that

 

[KALLT]

VeraCrypt has been audited now, they found quite a few vulnerabilities, some of which were fixed in version 1.19.

 

[Chippel]

Well, that is quite strange. I mean these kind of high vulnerabilities must be from TrueCrypt, right? Because it is the same source code like TrueCrypt. And they found quite a few high issue bugs.

 

[KALLT]

Some vulnerabilities originate in TrueCrypt, but not all. The report distinguishes this. I just saw that the audit did not cover OS X or Linux, just Windows.

 

[You are the One]

“This is why it is vital that companies have their chips pen-tested during the development stage, as the cost and complexity of re-mediating an attack of this kind is enormous,” Pironti concluded.

From "Boffins use Intel chip exploit to run rings around software defences"